Objective Plan

The following table describes the plan for 2021 to achieve FundApps' objectives.

| Objective | What will be done | Responsible | Resources required | Evaluation | Est. completion date |
|---|---|---|---|---|---|
| 1) Ensure the protection of non-public data managed by FundApps' Information Systems. | Implement conditional access to apply the same controls on BYOD as on corporate devices | Information Security Lead | External expertise on conditional access | Conditional Access has been deployed to Okta | End of December 2021 |
| 2) Ensure the protection of all FundApps Information Systems against the risks of unauthorised access, misuse, damage and abuse. | Automate security testing for Infrastructure as Code | Information Security Lead | Recurrent budget | Automated security testing for IaC implemented in build pipeline | End of June 2021 |
| 3) Demonstrate a high level of competence and expertise in Information Security. | Maintain a SOC 2 Type II Report | Information Security Lead | External auditor | SOC 2 Type II Report | End of November 2021 |
| 4) Maintain compliance with security standards. | Obtain ISO 27001 certification | Information Security Lead | Internal and external auditors | ISO 27001 certification | End of November 2021 |
| 5) Foster a culture of security awareness within FundApps. | Provide security awareness training refresher for all staff | Information Security Lead | None | Security awareness refresher training provided to all staff | End of September 2021 |
| 6) Protect FundApps from liability or damage due to an Information Security Incident. | Review compliance with privacy laws | Legal counsel | Recruit legal counsel | Compliance with privacy laws reviewed | End of December 2021 |
| 7) Maintain a cycle of continuous improvement. | Remediate findings identified by the ISO 27001 readiness assessment and internal audit | Information Security Lead | None | All non-conformities have been remediated | End of July 2021 |
